OEM distributions of Jenkins can provide a custom ConfidentialStore implementation
by writing a subclass, mark it with MetaInfServices annotation, package it as a Jenkins module,
and bundling it with the war file. This doesn't use Extension because some plugins
have been found to use Secret before we get to InitMilestone.PLUGINS_PREPARED, and
therefore Extensions aren't loaded yet. (Similarly, it's conceivable that some future
core code might need this early on during the boot sequence.)